├── .travis.yml
├── LICENSE
├── README.md
├── data.json
├── identYwaf.py
└── screenshots
    ├── 360.png
    ├── aesecure.png
    ├── airlock.png
    ├── alertlogic.png
    ├── aliyundun.png
    ├── anquanbao.png
    ├── approach.png
    ├── armor.png
    ├── asm.png
    ├── astra.png
    ├── aws.png
    ├── barracuda.png
    ├── bekchy.png
    ├── bitninja.png
    ├── bluedon.png
    ├── bulletproof.png
    ├── cdnns.png
    ├── cerber.png
    ├── chuangyu.png
    ├── cloudbric.png
    ├── cloudflare.png
    ├── cloudfront.png
    ├── comodo.png
    ├── crawlprotect.png
    ├── distil.png
    ├── dotdefender.png
    ├── duedge.png
    ├── expressionengine.png
    ├── fortiweb.png
    ├── godaddy.png
    ├── greywizard.png
    ├── gtmc.png
    ├── imunify360.png
    ├── incapsula.png
    ├── janusec.png
    ├── jiasule.png
    ├── kona.png
    ├── kuipernet.png
    ├── malcare.png
    ├── modsecurity.png
    ├── naxsi.png
    ├── netscaler.png
    ├── newdefend.png
    ├── nexusguard.png
    ├── ninjafirewall.png
    ├── onmessageshield.png
    ├── openrasp.png
    ├── paloalto.png
    ├── profense.png
    ├── radware.png
    ├── reblaze.png
    ├── requestvalidationmode.png
    ├── rsfirewall.png
    ├── safe3.png
    ├── safedog.png
    ├── safeline.png
    ├── secupress.png
    ├── secureentry.png
    ├── secureiis.png
    ├── securesphere.png
    ├── shieldsecurity.png
    ├── siteground.png
    ├── siteguard.png
    ├── sitelock.png
    ├── sonicwall.png
    ├── squarespace.png
    ├── stackpath.png
    ├── sucuri.png
    ├── tencent.png
    ├── urlmaster.png
    ├── urlscan.png
    ├── vercel.png
    ├── virusdie.png
    ├── vsf.png
    ├── wallarm.png
    ├── watchguard.png
    ├── webarx.png
    ├── webknight.png
    ├── webland.png
    ├── wordfence.png
    ├── wts.png
    ├── yundun.png
    ├── yunsuo.png
    └── zenedge.png


/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: python
 2 | dist: trusty
 3 | sudo: false
 4 | git:
 5 |     depth: 1
 6 | python:
 7 |     - "2.6"
 8 |     - "2.7"
 9 |     - "3.3"
10 |     - "3.6"
11 | script:
12 |     - python -c "import identYwaf"
13 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2019-2022 Miroslav Stampar
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ![](https://i.imgur.com/75HpbHJ.png)
 2 | 
 3 | [![Build Status](https://api.travis-ci.org/stamparm/identYwaf.svg?branch=master)](https://travis-ci.org/stamparm/identYwaf) [![Python 2.x|3.x](https://img.shields.io/badge/python-2.x|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/stamparm/identYwaf/blob/master/LICENSE) [![WAFs 80](https://img.shields.io/badge/WAFs-80-red.svg)](https://github.com/stamparm/identYwaf/blob/master/data.json)
 4 | 
 5 | **identYwaf** is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. `http://<host>?aeD0oowi=1 AND 2>1`). Currently it supports more than 80 different protection products (e.g. `aeSecure`, `Airlock`, `CleanTalk`, `CrawlProtect`, `Imunify360`, `MalCare`, `ModSecurity`, `Palo Alto`, `SiteGuard`, `UrlScan`, `Wallarm`, `WatchGuard`, `Wordfence`, etc.), while the knowledge-base is constantly growing.
 6 | 
 7 | For more information you can check [slides](https://www.slideshare.net/stamparm/blind-waf-identification) for a talk "**Blind WAF identification**" held at *Sh3llCON 2019* (Santander / Spain).
 8 | 
 9 | Note: as part of this project, [screenshots](https://github.com/stamparm/identYwaf/tree/master/screenshots) of characteristic responses for different web protection systems are being gathered (manually) for the future reference.
10 | 
11 | ## Screenshots
12 | 
13 | ![](https://imgur.com/AZVi9vB.png)
14 | 
15 | ![](https://i.imgur.com/tSOAgnn.png)
16 | 
17 | ![](https://imgur.com/FJchQI0.png)
18 | 
19 | ![](https://imgur.com/RqQdVJJ.png)
20 | 
21 | ![](https://imgur.com/weHTSv9.png)
22 | 
23 | ![](https://imgur.com/UKW2cRs.png)
24 | 
25 | ![](https://imgur.com/20cd08y.png)
26 | 
27 | ## Installation
28 | 
29 | You can download the latest zipball by clicking [here](https://github.com/stamparm/identYwaf/archive/master.zip).
30 | 
31 | Preferably, you can download identYwaf by cloning the Git repository:
32 | 
33 | `git clone --depth 1 https://github.com/stamparm/identYwaf.git`
34 | 
35 | **identYwaf** works out of the box with any Python version from **2.6.x** to **3.x** on any platform.
36 | 
37 | ## Usage
38 | 
39 | ```
40 | $ python identYwaf.py 
41 |                                     __ __ 
42 |  ____  ___      ___  ____   ______ |  T  T __    __   ____  _____ 
43 | l    j|   \    /  _]|    \ |      T|  |  ||  T__T  T /    T|   __|
44 |  |  T |    \  /  [_ |  _  Yl_j  l_j|  ~  ||  |  |  |Y  o  ||  l_
45 |  |  | |  D  YY    _]|  |  |  |  |  |___  ||  |  |  ||     ||   _|
46 |  j  l |     ||   [_ |  |  |  |  |  |     ! \      / |  |  ||  ] 
47 | |____jl_____jl_____jl__j__j  l__j  l____/   \_/\_/  l__j__jl__j  (1.0.XX)
48 | 
49 | Usage: python identYwaf.py [options] <host|url>
50 | 
51 | Options:
52 |   --version           Show program's version number and exit
53 |   -h, --help          Show this help message and exit
54 |   --delay=DELAY       Delay (sec) between tests (default: 0)
55 |   --timeout=TIMEOUT   Response timeout (sec) (default: 10)
56 |   --proxy=PROXY       HTTP proxy address (e.g. "http://127.0.0.1:8080")
57 |   --proxy-file=PRO..  Load (rotating) HTTP(s) proxy list from a file
58 |   --random-agent      Use random HTTP User-Agent header value
59 |   --code=CODE         Expected HTTP code in rejected responses
60 |   --string=STRING     Expected string in rejected responses
61 |   --post              Use POST body for sending payloads
62 | ```
63 | 


--------------------------------------------------------------------------------
/data.json:
--------------------------------------------------------------------------------
  1 | {
  2 |     "__copyright__": "Copyright (c) 2019-2021 Miroslav Stampar (@stamparm), MIT. See the file 'LICENSE' for copying permission",
  3 |     "__notice__": "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software",
  4 | 
  5 |     "payloads": [
  6 |         "HTML::<img>",
  7 |         "SQLi::1 AND 1",
  8 |         "SQLi::1/**/AND/**/1",
  9 |         "SQLi::1/*0AND*/1",
 10 |         "SQLi::1 AND 1=1",
 11 |         "SQLi::1 AND 1 LIKE 1",
 12 |         "SQLi::1 AND 1 BETWEEN 0 AND 1",
 13 |         "SQLi::1 AND 2>(SELECT 1)-- -",
 14 |         "SQLi::' OR SLEEP(5) OR '",
 15 |         "SQLi::admin'-- -",
 16 |         "SQLi::information_schema",
 17 |         "SQLi::;DROP TABLE mysql.users",
 18 |         "SQLi::';DROP DATABASE mysql#",
 19 |         "SQLi::1/**/UNION/**/SELECT/**/1/**/FROM/**/information_schema.*",
 20 |         "SQLi::SELECT id FROM users WHERE id>2",
 21 |         "SQLi::1 UNION SELECT information_schema.*",
 22 |         "SQLi::1;EXEC xp_cmdshell('type autoexec.bat');",
 23 |         "SQLi::1;INSERT INTO USERS values('admin', 'foobar')",
 24 |         "XSS::<img src=x onerror=alert('XSS')>",
 25 |         "XSS::<img onfoo=f()>",
 26 |         "XSS::<script>",
 27 |         "XSS::<script>alert('XSS')</script>",
 28 |         "XSS::\\\";alert('XSS');//",
 29 |         "XSS::1' onerror=alert(String.fromCharCode(88,83,83))>",
 30 |         "XSS::<![CDATA[<script>var n=0;while(true){n++;}</script>]]>",
 31 |         "XSS::<meta http-equiv=\"refresh\" content=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">",
 32 |         "XSS::javascript:alert(/XSS/)",
 33 |         "XSS::<marquee onstart=alert(1)>",
 34 |         "XPATHi::' and count(/*)=1 and '1'='1",
 35 |         "XPATHi::count(/child::node())",
 36 |         "XPATHi::' and count(/comment())=1 and '1'='1",
 37 |         "XPATHi::' or '1'='1",
 38 |         "XXE::<!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]><foo>&xxe;</foo>",
 39 |         "LDAPi::admin*)((|userpassword=*)",
 40 |         "LDAPi::user=*)(uid=*))(|(uid=*",
 41 |         "LDAPi::*(|(objectclass=*))",
 42 |         "NOSQLi::true, $where: '1 == 1'",
 43 |         "NOSQLi::{ $ne: 1 }",
 44 |         "NOSQLi::' } ], $comment:'success'",
 45 |         "PHPi::<?php include_once(\"/etc/passwd\"); ?>",
 46 |         "ACE::netstat -antup | grep :443; ping 127.0.0.1; curl http://www.google.com",
 47 |         "PT:://///.htaccess",
 48 |         "PT::/etc/passwd",
 49 |         "PT::../../boot.ini",
 50 |         "PT::C:/inetpub/wwwroot/global.asa"
 51 |     ],
 52 |     "wafs": {
 53 |         "360": {
 54 |             "company": "360",
 55 |             "name": "360",
 56 |             "regex": "<title>493</title>|/wzws-waf-cgi/",
 57 |             "signatures": [
 58 |                 "9778:RVZXum61OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTC",
 59 |                 "9ccc:RVZXum61OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A4chW1XaTC"
 60 |             ]
 61 |         },
 62 |         "aesecure": {
 63 |             "company": "aeSecure",
 64 |             "name": "aeSecure",
 65 |             "regex": "aesecure_denied\\.png|aesecure-code: \\d+",
 66 |             "signatures": [
 67 |                 "8a4b:RVdXu260OEhCWapBYKcPk4JzWOtohM4JiUcMrmRXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZnxtDtBeq+c36A4chW1XaTD"
 68 |             ]
 69 |         },
 70 |         "airlock": {
 71 |             "company": "Phion/Ergon",
 72 |             "name": "Airlock",
 73 |             "regex": "The server detected a syntax error in your request",
 74 |             "signatures": [
 75 |                 "3e2c:RVZXu261OEhCWapBYKcPk4JzWOtohM4IiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK59n+i6c4RmkwI2FZjxtDtAeq6c36A5chW1XaTD"
 76 |             ]
 77 |         },
 78 |         "alertlogic": {
 79 |             "company": "Alert Logic",
 80 |             "name": "Alert Logic",
 81 |             "regex": "(?s)timed_redirect\\(seconds, url\\).+?<p class=\"lid\">Reference ID:",
 82 |             "signatures": []
 83 |         },
 84 |         "aliyundun": {
 85 |             "company": "Alibaba Cloud Computing",
 86 |             "name": "AliYunDun",
 87 |             "regex": "Sorry, your request has been blocked as it may cause potential threats to the server's security|//errors\\.aliyun\\.com/",
 88 |             "signatures": [
 89 |                 "e082:RVZXum61OElCWapAYKYPkoJzWOpohM4JiUYMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC"
 90 |             ]
 91 |         },
 92 |         "anquanbao": {
 93 |             "company": "Anquanbao",
 94 |             "name": "Anquanbao",
 95 |             "regex": "/aqb_cc/error/",
 96 |             "signatures": [
 97 |                 "c790:RVZXum61OElCWapAYKYPk4JzWOpohM4JiUYMr2RXg1uQJbX3uhdOn9hsOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
 98 |                 "d3d3:RVZXum61OElCWapAYKYPk4JzWOpohM4JiUYMr2RXg1uQJbX3uhdOn9hsOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC"
 99 |             ]
100 |         },
101 |         "approach": {
102 |             "company": "Approach",
103 |             "name": "Approach",
104 |             "regex": "Approach.+?Web Application (Firewall|Filtering)",
105 |             "signatures": [
106 |                 "fef0:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XKTD"
107 |             ]
108 |         },
109 |         "armor": {
110 |             "company": "Armor Defense",
111 |             "name": "Armor Protection",
112 |             "regex": "This request has been blocked by website protection from Armor",
113 |             "signatures": [
114 |                 "03ec:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c36A4chS1XaTC",
115 |                 "1160:RVZXum60OEhCWapBYKYPk4JyWOtohM4IiUcMr2RWg1qQJbX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC"
116 |             ],
117 |             "note": "Uses SecureSphere (Imperva) (Reference: https://www.imperva.com/resources/case_studies/CS_Armor.pdf)"
118 |         },
119 |         "asm": {
120 |             "company": "F5 Networks",
121 |             "name": "Application Security Manager",
122 |             "regex": "The requested URL was rejected\\. Please consult with your administrator|security\\.f5aas\\.com",
123 |             "signatures": [
124 |                 "2f81:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI3FZjxtDtAeq+c36A4chS1XaTC",
125 |                 "4fd0:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq6c3qA4chS1XaTC",
126 |                 "5904:RVZXum60OEhCWapBYKcPk4JzWOpohc4IiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq+c3qA4chS1XaTC",
127 |                 "8bcf:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq6c36A5chS1XaTC",
128 |                 "540f:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq+c36A5chS1XaTC",
129 |                 "c7ba:RVZXum60OEhCWKpAYKYPkoJzWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtLaK99n+i7c4VmkwI3FZjxtDtAeq6c3qA4chS1XaTC",
130 |                 "fb21:RVZXum60OEhCWapBYKcPk4JzWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI3FZjxtDtAeq+c36A5chW1XaTC",
131 |                 "b6ff:RVZXum61OEhCWapBYKcPkoJzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq+c36A4chW1XaTC",
132 |                 "3b1e:RVZXum60OEhCWapBYKcPk4JyWOpohM4IiUcMr2RWg1qQJLX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99nui7c4RmkgI2FZjxtDtAeq6c3qA5chS1XKTC",
133 |                 "620c:RVZXum60OEhCWapBYKcPkoJzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC",
134 |                 "b9a0:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq+c3qA4chW1XaTC",
135 |                 "ccb6:RVdXum61OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtTtAeq+c36A5chW1XaTC",
136 |                 "9138:RVZXum60OEhCWapBYKcPk4JzWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq6c3qA4chS1XaTC",
137 |                 "54cc:RVZXum61OEhCWapBYKcPkoJzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq6c3qA4chS1XaTC",
138 |                 "4c83:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTC",
139 |                 "8453:RVZXum60OEhCWapBYKcPk4JzWOtohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI3FZjxtDtAeq+c36A4chS1XaTC"
140 |             ]
141 |         },
142 |         "astra": {
143 |             "company": "Czar Securities",
144 |             "name": "Astra",
145 |             "regex": "(?s)unfortunately our website protection system.+?//www\\.getastra\\.com",
146 |             "signatures": []
147 |         },
148 |         "aws": {
149 |             "company": "Amazon",
150 |             "name": "AWS WAF",
151 |             "regex": "(?i)HTTP/1.+\\b403\\b.+\\s+Server: aws|(?s)Request blocked.+?Generated by cloudfront",
152 |             "signatures": [
153 |                 "2998:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
154 |                 "fffa:RVZXum60OEhCWapAYKYPk4JyWOpohc4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
155 |                 "9de0:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhZOnthtOj+hXrAA16BcPhJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
156 |                 "34a8:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhdOn9htOj+hXrAB16BcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
157 |                 "1104:RVZXum61OEhCWapBYKcPk4JzWOpohM4IiUcMr2RXg1uQJbX3uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
158 |                 "ea40:RVZXu261OEhCWapBYKcPk4JzWOtohM4IiUcMr2RWg1uQJbX3uhdOn9htOj+hXrAB16BcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC"
159 |             ]
160 |         },
161 |         "barracuda": {
162 |             "company": "Barracuda Networks",
163 |             "name": "Barracuda",
164 |             "regex": "\\bbarracuda_|barra_counter_session=|when this page occurred and the event ID found at the bottom of the page|<!--(0123456789){15}",
165 |             "signatures": [
166 |                 "2676:RVdXum61OElCWapAYKYPk4JzWOtohM4JiUcMr2RWg1qQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tKaK99n+i6c4VmkwI3FZjxtDtAeq6c36A4chS1XaTC",
167 |                 "db27:RVdXum61OElCWapAYKYPk4JzWOtohM4JiUcMr2RWg1qQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC",
168 |                 "7e6b:RVdXum61OElCWapBYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A4chS1XaTC"
169 |             ]
170 |         },
171 |         "bekchy": {
172 |             "company": "Faydata Information Technologies Inc.",
173 |             "name": "Bekchy",
174 |             "regex": "<title>Bekchy - Access Denided</title>|<a class=\"btn\" href=\"https://bekchy.com/report\">",
175 |             "signatures": [
176 |                 "e1c5:RVZXum60OEhCWKpAYKYPk4JzWOtohc4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC"
177 |             ]
178 |         },
179 |         "bitninja": {
180 |             "company": "BitNinja",
181 |             "name": "BitNinja",
182 |             "regex": "alt=\"BitNinja|Security check by BitNinja|your IP will be removed from BitNinja|<title>Visitor anti-robot validation</title>",
183 |             "signatures": []
184 |         },
185 |         "bluedon": {
186 |             "company": "Bluedon",
187 |             "name": "Bluedon",
188 |             "regex": "Bluedon Web Application Firewall|Server: BDWAF",
189 |             "signatures": []
190 |         },
191 |         "bulletproof": {
192 |             "company": "AITpro Website Security",
193 |             "name": "BulletProof Security Pro",
194 |             "regex": "(?s)bpsMessage.+?403 Forbidden Error Page.+?If you arrived here due to a search or clicking on a link",
195 |             "signatures": []
196 |         },
197 |         "cdnns": {
198 |             "company": "CdnNs/WdidcNet",
199 |             "name": "CdnNsWAF",
200 |             "regex": "by CdnNsWAF Application Gateway",
201 |             "signatures": [
202 |                 "5c5d:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXo2tLaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC"
203 |             ]
204 |         },
205 |         "cerber": {
206 |             "company": "Cerber Tech",
207 |             "name": "WP Cerber Security",
208 |             "regex": "We're sorry, you are not allowed to proceed|Your request looks suspicious or similar to automated requests from spam posting software",
209 |             "signatures": [
210 |                 "d8c2:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC"
211 |             ]
212 |         },
213 |         "checkpoint": {
214 |             "company": "Check Point",
215 |             "name": "Next Generation Firewall",
216 |             "regex": "",
217 |             "signatures": [
218 |                 "b771:RVZXum61OEhCWapAYKYPkoJzWOpohc4JiUYMr2RWg1uQJbX2uhdOnthsOj+hX7AB16BcPhJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
219 |                 "3b40:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMrmRWg1qQJLX2uhdOnthsOj+hX7AB16BcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC",
220 |                 "a332:RVZXum61OEhCWapAYKYPkoJzWOpohc4JiUYMr2RWg1uQJbX2uhdOnthsOj+hX7AB16BcPhJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC",
221 |                 "a89b:RVZXum61OEhCWapAYKYPkoJzWOpohc4JiUYMr2RWg1uQJbX2uhdOnthsOj+hX7AB16BcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC"
222 |             ]
223 |         },
224 |         "chuangyu": {
225 |             "company": "Yunaq",
226 |             "name": "Chuang Yu Shield",
227 |             "regex": " \\d+\\.\\d+\\.\\d+\\.\\d+/[0-9a-f]{7} \\[\\d+\\] ",
228 |             "signatures": [
229 |                 "eda6:RVZXum61OElCWapAYKcPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTC",
230 |                 "5bae:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC"
231 |             ]
232 |         },
233 |         "cloudbric": {
234 |             "company": "Cloudbric",
235 |             "name": "Cloudbric",
236 |             "regex": "Your request was blocked by Cloudbric",
237 |             "signatures": [
238 |                 "514d:RVZXum60OEhCWapBYKcPk4JzWOtohM4JiUcMrmRXg1qQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC"
239 |             ]
240 |         },
241 |         "cloudflare": {
242 |             "company": "CloudFlare",
243 |             "name": "CloudFlare",
244 |             "regex": "Attention Required! \\| Cloudflare|CLOUDFLARE_ERROR_",
245 |             "signatures": [
246 |                 "956d:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
247 |                 "6b42:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
248 |                 "2295:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
249 |                 "0d86:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthsOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
250 |                 "4849:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
251 |                 "535c:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUYMr2RWg1uQJbX2uhdOnthtOj+hXrAB16FcPxJOdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC",
252 |                 "675a:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRWg1uQJbX2uhdOnthsOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
253 |                 "4a45:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUcMrmRWg1uQJLX2uhdOnthsOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC",
254 |                 "1f29:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUcMrmRWg1uQJLX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC",
255 |                 "6002:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUcMrmRWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
256 |                 "78df:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTD",
257 |                 "cf65:RVZXum60OEhCWapBYKcPkoJzWOtohM4IiUcMrmRWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4VmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
258 |                 "85c6:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC",
259 |                 "9a2d:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRWg1uQJLX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
260 |                 "0576:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMrmRXg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
261 |                 "f3bb:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUYMr2RXg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC",
262 |                 "471d:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
263 |                 "8936:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUcMrmRWg1uQJLX2uhdOnthsOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC",
264 |                 "0ade:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
265 |                 "22d1:RVZXum60OEhCWapBYKcPkoJzWOpohM4IiUcMr2RWg1uQJbX2uhdOnthtOj+hXrAA16FcPxJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
266 |                 "e9bd:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthsOj+hXrAB16FcPxJPdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC"
267 |             ]
268 |         },
269 |         "comodo": {
270 |             "company": "Comodo",
271 |             "name": "Comodo",
272 |             "regex": "Server: Protected by COMODO WAF",
273 |             "signatures": [
274 |                 "ade8:RVZXum60OEhCWapAYKYPkoJzWOpohc4IiUYMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTD",
275 |                 "f063:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTD",
276 |                 "985c:RVZXum60OEhCWapAYKYPkoJzWOpohc4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c3qA5chW1XaTD",
277 |                 "f063:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTD",
278 |                 "1971:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD"
279 |             ]
280 |         },
281 |         "crawlprotect": {
282 |             "company": "Jean-Denis Brun",
283 |             "name": "CrawlProtect",
284 |             "regex": "<title>CrawlProtect|This site is protected by CrawlProtectc|Set-Cookie: crawlprotecttag",
285 |             "signatures": [
286 |                 "1eca:RVZXum60OEhCWKpBYKYPkoJzWOpohM4IiUYMrmRXg1uQJLX2uhZOnthtOj+hXrAA16FcPhJPdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XKTC"
287 |             ]
288 |         },
289 |         "distil": {
290 |             "company": "Distil Networks",
291 |             "name": "Distil",
292 |             "regex": "distilCaptchaForm|distilCallbackGuard|cdn\\.distilnetworks\\.com/images/anomaly-detected\\.png",
293 |             "signatures": []
294 |         },
295 |         "dotdefender": {
296 |             "company": "Applicure Technologies",
297 |             "name": "dotDefender",
298 |             "regex": "dotDefender Blocked Your Request|Applicure is the leading provider of web application security|Please contact the site administrator, and provide the following Reference ID",
299 |             "signatures": [
300 |                 "7cce:RVZXum60OEhCWapAYKYPkoJzWOpohM4IiUYMrmRWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
301 |                 "dddb:RVdXum61OElCWapAYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC",
302 |                 "0718:RVZXum61OElCWapAYKYPk4JzWOtohM4IiUYMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
303 |                 "9bf2:RVdXum61OElCWapAYKYPk4JzWOtohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC"
304 |             ]
305 |         },
306 |         "duedge": {
307 |             "company": "Baidu",
308 |             "name": "DuEdge",
309 |             "regex": "(?s)<h1>403<small>.+DuEdge Event ID: [0-9a-f]{16}.+IP: [0-9.]+",
310 |             "signatures": []
311 |         },
312 |         "expressionengine": {
313 |             "company": "EllisLab",
314 |             "name": "ExpressionEngine",
315 |             "regex": "(?s)\\bexp_last_.+?(Invalid GET Data|Invalid URI)",
316 |             "signatures": [
317 |                 "88ec:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUcMrmRWg1qQJbX3uhZOnthsOj6hX7AA16FcPxJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chS1XKTC"
318 |             ]
319 |         },
320 |         "fortiweb": {
321 |             "company": "Fortinet",
322 |             "name": "FortiWeb",
323 |             "regex": "Server Unavailable!",
324 |             "signatures": [
325 |                 "9d05:RVZXu261OElCWapBYKcPk4JzWOtohM4IiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZjxtDtAeq+c36A5chW1XaTD"
326 |             ]
327 |         },
328 |         "godaddy": {
329 |             "company": "GoDaddy",
330 |             "name": "GoDaddy Website Security",
331 |             "regex": "GoDaddy Security - Access Denied|Access Denied - GoDaddy Website Firewall",
332 |             "signatures": [
333 |                 "6cff:RVdXum60OEhCWapAYKYPk4JzWOtohM4IiUYMr2RWg1uQJbX3uhdOn9htOj+hXrAA16FcPxJOdLoXomtKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC"
334 |             ]
335 |         },
336 |         "greywizard": {
337 |             "company": "Grey Wizard",
338 |             "name": "Greywizard",
339 |             "regex": "(?i)server: greywizard|detected attempted attack or non standard traffic from your IP address|<title>Grey Wizard</title>",
340 |             "signatures": [
341 |                 "c669:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOnthsOj+hX7AB16FcPhJPdLsXomtKaK59nui7c4RmkwI2FZjxtDtAeq+c3qA5chW1XaTC"
342 |             ]
343 |         },
344 |         "gtmc": {
345 |             "company": "GTMC",
346 |             "name": "GTMC WAF",
347 |             "regex": "GTMC WAF1 Protection:|Please consult with administrator or waf@nm.gtmc.com.tw",
348 |             "signatures": []
349 |         },
350 |         "imunify360": {
351 |             "company": "CloudLinux",
352 |             "name": "Imunify360",
353 |             "regex": "Server: imunify360-webshield|protected by Imunify360|Powered by Imunify360|imunify360 preloader",
354 |             "signatures": []
355 |         },
356 |         "incapsula": {
357 |             "company": "Incapsula/Imperva",
358 |             "name": "Incapsula",
359 |             "regex": "Incapsula incident ID",
360 |             "signatures": [
361 |                 "2770:RVZXum60OEhCWKpAYKYPkoJzWOpohc4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC",
362 |                 "3193:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZnxtDtAeq6c3qA4chS1XKTC",
363 |                 "cdd1:RVZXum60OEhCWapAYKcPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtLaK99n+i7c4RmkgI2FZnxtTtBeq+c36A5chW1XaTC"
364 |             ]
365 |         },
366 |         "isaserver": {
367 |             "company": "Microsoft",
368 |             "name": "ISA Server",
369 |             "regex": "The (ISA Server|server) denied the specified Uniform Resource Locator \\(URL\\)",
370 |             "signatures": []
371 |         },
372 |         "ithemes": {
373 |             "company": "iThemes",
374 |             "name": "iThemes Security",
375 |             "regex": "",
376 |             "signatures": [
377 |                 "c70f:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
378 |                 "71ee:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1qQJLX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC"
379 |             ],
380 |             "note": "Formerly Better WP Security"
381 |         },
382 |         "janusec": {
383 |             "company": "Janusec",
384 |             "name": "Janusec Application Gateway",
385 |             "regex": "Reason:.+by Janusec Application Gateway",
386 |             "signatures": [
387 |                 "5c5d:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXo2tLaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC"
388 |             ]
389 |         },
390 |         "jiasule": {
391 |             "company": "Jiasule",
392 |             "name": "Jiasule",
393 |             "regex": "Server: jiasule-WAF|notice-jiasule|static\\.jiasule\\.com/static/js/http_error\\.js",
394 |             "signatures": [
395 |                 "7520:RVZXum61OElCWapAYKYPk4JzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtBeq+c36A5chW1XaTD",
396 |                 "001e:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI3FZjxtTtAeq+c36A5chW1XaTC",
397 |                 "665d:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA5chS1XaTC",
398 |                 "4fed:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RXg1uQJbX2uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC"
399 |             ]
400 |         },
401 |         "knownsec": {
402 |             "company": "Knownsec",
403 |             "name": "KS-WAF",
404 |             "regex": "url\\('/ks-waf-error\\.png'\\)",
405 |             "signatures": []
406 |         },
407 |         "kona": {
408 |             "company": "Akamai Technologies",
409 |             "name": "Kona Site Defender",
410 |             "regex": "(?s)Server: AkamaiGHost.+?You don't have permission to access|\\b18\\.[0-9a-f]{8}.1[0-9]{9}\\.[0-9a-f]{7}\\b",
411 |             "signatures": [
412 |                 "b996:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
413 |                 "1893:RVZXum60OEhCWapAYKYPk4JzWOtohM4JiUcMr2RXg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkwI2FZjxtDtAeq+c3qA4chS1XKTC",
414 |                 "165b:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
415 |                 "12b3:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
416 |                 "3426:RVZXum60OEhCWapAYKYPk4JzWOtohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
417 |                 "e197:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
418 |                 "eb57:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c36A4chS1XaTC",
419 |                 "94ed:RVZXum60OEhCWapAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
420 |                 "5ca8:RVZXum60OEhCWKpAYKYPkoJzWOtohM4IiUYMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
421 |                 "cc5b:RVZXum60OEhCWKpAYKYPkoJzWOtohM4IiUYMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
422 |                 "e7d9:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
423 |                 "bd78:RVZXum60OEhCWKpAYKYPk4JzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
424 |                 "6cbc:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD",
425 |                 "a40d:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
426 |                 "1f03:RVZXum60OEhCWapBYKYPk4JzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD",
427 |                 "e120:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
428 |                 "7ae5:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
429 |                 "6bf2:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
430 |                 "1db3:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
431 |                 "fcbb:RVZXum60OEhCWapAYKYPkoJzWOtohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
432 |                 "d1b6:RVZXum60OEhCWKpAYKYPkoJzWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD",
433 |                 "8b30:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD",
434 |                 "8db8:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD",
435 |                 "8900:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD",
436 |                 "677e:RVZXum60OEhCWapAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
437 |                 "a13a:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
438 |                 "579e:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
439 |                 "82b4:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD",
440 |                 "22e4:RVZXum60OEhCWapAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
441 |                 "bd0e:RVZXum60OEhCWapAYKYPk4JzWOtohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD",
442 |                 "8976:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
443 |                 "e34c:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1qQJLX2uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC"
444 |             ]
445 |         },
446 |         "kuipernet": {
447 |             "company": "ASTSoft",
448 |             "name": "Kuipernet",
449 |             "regex": "(?s)Content-Length: 118214.+W5M0MpCehiHzreSzNTczkc9d",
450 |             "signatures": []
451 |         },
452 |         "malcare": {
453 |             "company": "Inactiv",
454 |             "name": "MalCare",
455 |             "regex": "Blocked because of Malicious Activities|Firewall(<[^>]+>)*powered by(<[^>]+>)*MalCare",
456 |             "signatures": [
457 |                 "def2:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC"
458 |             ]
459 |         },
460 |         "modsecurity": {
461 |             "company": "Trustwave",
462 |             "name": "ModSecurity",
463 |             "regex": "(?i)Server:.+mod_security|This error was generated by Mod_Security|/modsecurity\\-errorpage/|One or more things in your request were suspicious|rules of the mod_security module|mod_security rules triggered|Protected by Mod Security|HTTP Error 40\\d\\.0 - ModSecurity Action|40\\d ModSecurity Action|ModSecurity IIS \\(\\d+bits\\)</td>",
464 |             "signatures": [
465 |                 "46d5:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
466 |                 "1ece:RVZXum61OEhCWapBYKcPk4JzWOpohc4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
467 |                 "69c6:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthsOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
468 |                 "28eb:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthtOj+hXrAB16FcPhJOdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC",
469 |                 "3918:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK99n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
470 |                 "511d:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
471 |                 "f694:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhZOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
472 |                 "51ca:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJOdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
473 |                 "e18b:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhZOnthtOj+hX7AB16FcPhJOdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
474 |                 "6e99:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
475 |                 "dd72:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
476 |                 "f53e:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
477 |                 "e15c:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhZOnthtOj+hX7AB16FcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
478 |                 "ded8:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhZOnthtOj+hXrAB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
479 |                 "6e99:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
480 |                 "7986:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPhJOdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
481 |                 "02b2:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD",
482 |                 "4602:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJOdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
483 |                 "b1a2:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD",
484 |                 "5e9a:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hXrAB16FcPhJPdLsXomtKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD",
485 |                 "35c4:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chS1XKTC",
486 |                 "c697:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhZOnthtOj+hX7AB16FcPhJPdLsXomtKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD",
487 |                 "85e3:RVZXum60OElCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hX7AB16FcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
488 |                 "7d7f:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD",
489 |                 "064b:RVZXum60OEhCWapAYKYPk4JyWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hXrAB16FcPhJOdLsXomtKaK99n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
490 |                 "5659:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUYMr2RXg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
491 |                 "94b1:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
492 |                 "7951:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUcMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD",
493 |                 "b83a:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUYMrmRWg1qQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTD",
494 |                 "4191:RVZXum60OEhCWapAYKYPkoJyWOpohM4JiUYMr2RXg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLoXomtKaK59n+i7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTD"
495 |             ]
496 |         },
497 |         "naxsi": {
498 |             "company": "NBS System",
499 |             "name": "NAXSI",
500 |             "regex": "(?i)Blocked By NAXSI|Naxsi Blocked Information|naxsi/waf",
501 |             "signatures": [
502 |                 "19ee:RVdXum61OElCWKpAYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZnxtDtBeq+c36A4chW1XaTC"
503 |             ]
504 |         },
505 |         "netscaler": {
506 |             "company": "Citrix",
507 |             "name": "NetScaler AppFirewall",
508 |             "regex": "<title>Application Firewall Block Page</title>|Violation Category: APPFW_|AppFW Session ID|Access has been blocked - if you feel this is in error, please contact the site administrators quoting the following",
509 |             "signatures": [
510 |                 "9c6c:RVdXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMrmRWg1qQJbX3uhdOn9hsOj6hXrAA16BcPhJOdLsXo2tKaK99n+i6c4RmkgI2FZnxtDtAeq6c3qA4chS1XKTC"
511 |             ]
512 |         },
513 |         "newdefend": {
514 |             "company": "Newdefend",
515 |             "name": "Newdefend",
516 |             "regex": "Server: NewDefend|/nd_block/",
517 |             "signatures": [
518 |                 "1ba1:RVZXu261OElCWapBYKYPk4JzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthsOj+hX7AB16FcPxJPdLoXo2tKaK99n+i7c4RmkwI3FZjxtDtAeq+c36A4chW1XaTD"
519 |             ]
520 |         },
521 |         "nexusguard": {
522 |             "company": "Nexusguard Limited",
523 |             "name": "Nexusguard",
524 |             "regex": "speresources\\.nexusguard\\.com/wafpage/[^>]*#\\d{3};|<p>Powered by Nexusguard</p>",
525 |             "signatures": [
526 |                 "869d:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hX7AB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC"
527 |             ]
528 |         },
529 |         "ninjafirewall": {
530 |             "company": "NinTechNet",
531 |             "name": "NinjaFirewall",
532 |             "regex": "<title>NinjaFirewall: 403 Forbidden|For security reasons?, it was blocked and logged",
533 |             "signatures": [
534 |                 "2c12:RVZXum60OEhCWapBYKYPkoJzWOtohM4JiUcMr2RXg1uQJLX3uhdOn9hsOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtBeq+c3qA4chW1XaTC"
535 |             ]
536 |         },
537 |         "onmessageshield": {
538 |             "company": "Blackbaud",
539 |             "name": "onMessage Shield",
540 |             "regex": "This site is protected by an enhanced security system to ensure a safe browsing experience|onMessage SHIELD",
541 |             "signatures": [
542 |                 "125a:RVdXum61OElCWKpAYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI3FZnxtDtBeq+c36A5chW1XaTC"
543 |             ]
544 |         },
545 |         "openrasp": {
546 |             "company": "Blackbaud",
547 |             "name": "OpenRASP",
548 |             "regex": "400 - Request blocked by OpenRASP|https://rasp.baidu.com/blocked2?/",
549 |             "signatures": []
550 |         },
551 |         "paloalto": {
552 |             "company": "Palo Alto Networks",
553 |             "name": "Palo Alto",
554 |             "regex": "has been blocked in accordance with company policy|Palo Alto Next Generation Security Platform",
555 |             "signatures": [
556 |                 "862a:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthsOj+hXrAA16BcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC",
557 |                 "5fe6:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMrmRWg1uQJLX2uhZOnthsOj+hXrAA16BcPhJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC",
558 |                 "cffd:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthsOj+hXrAA16BcPhJPdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC",
559 |                 "1427:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthtOj+hXrAA16FcPhJPdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
560 |                 "fa37:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
561 |                 "9135:RVZXum60OEhCWapAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX3uhZOnthsOj+hXrAA16BcPhJOdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC",
562 |                 "953a:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj+hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC"
563 |             ]
564 |         },
565 |         "perimeterx": {
566 |             "company": "PerimeterX",
567 |             "name": "PerimeterX",
568 |             "regex": "https://www.perimeterx.com/whywasiblocked",
569 |             "signatures": []
570 |         },
571 |         "profense": {
572 |             "company": "ArmorLogic",
573 |             "name": "Profense",
574 |             "regex": "Server: Profense",
575 |             "signatures": [
576 |                 "eaee:RVZXum60OEhCWapAYKYPkoJyWOtohM4JiUcMr2RWg1uQJbX3uhdOnthsOj+hXrAB16FcPxJOdLsXo2tLaK99n+i6c4VmkwI3FZjxtDtAeq6c3qA4chS1XaTC"
577 |             ]
578 |         },
579 |         "radware": {
580 |             "company": "Radware",
581 |             "name": "AppWall",
582 |             "regex": "Unauthorized Request Blocked|You are seeing this page because we have detected unauthorized activity|mailto:CloudWebSec@radware\\.com",
583 |             "signatures": [
584 |                 "e68e:RVdXu261OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tKaK99n+i7c4VmkwI3FZnxtDtAeq+c36A5chW1XaTD",
585 |                 "48fa:RVdXu260OEhCWapBYKcPkoJzWOpohM4JiUYMrmRXg1uQJbX3uhdOn9hsOj+hX7AA16BcPxJOdLsXomtKaK59n+i6c4RmkgI2FZnxtDtAeq6c3qA5chW1XaTD",
586 |                 "8fc4:RVdXu261OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI3FZnxtDtAeq+c36A5chW1XaTD"
587 |             ]
588 |         },
589 |         "reblaze": {
590 |             "company": "Reblaze",
591 |             "name": "Reblaze",
592 |             "regex": "For further information, do not hesitate to contact us",
593 |             "signatures": [
594 |                 "86fb:RVZXum61OElCWKpAYKcPkoJzWOtohM4JiUcMr2RXg1uQJbX3uhdOnthsOj6hXrAB16BcPhJPdLoXo2tLaK99n+i7c4RmkgI2FZjxtDtBeq+c36A5chW1XaTD"
595 |             ]
596 |         },
597 |         "requestvalidationmode": {
598 |             "company": "Microsoft",
599 |             "name": "ASP.NET RequestValidationMode",
600 |             "regex": "HttpRequestValidationException|Request Validation has detected a potentially dangerous client input value|ASP\\.NET has detected data in the request that is potentially dangerous",
601 |             "signatures": [
602 |                 "7ecd:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC",
603 |                 "919b:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTD",
604 |                 "14fa:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XaTC",
605 |                 "a10d:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
606 |                 "7564:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhdOn9htOj+hXrAA16FcPhJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC"
607 |             ]
608 |         },
609 |         "rsfirewall": {
610 |             "company": "RSJoomla!",
611 |             "name": "RSFirewall",
612 |             "regex": "COM_RSFIREWALL_",
613 |             "signatures": [
614 |                 "d829:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC"
615 |             ]
616 |         },
617 |         "safe3": {
618 |             "company": "Safe3",
619 |             "name": "Safe3",
620 |             "regex": "Server: Safe3 Web Firewall|Safe3waf/",
621 |             "signatures": [
622 |                 "1b84:RVZXum60OEhCWKpAYKYPk4JyWOpohM4IiUYMr2RWg1uQJbX2uhdOnthtOj+hX7AB16FcPhJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC"
623 |             ]
624 |         },
625 |         "safedog": {
626 |             "company": "Safedog",
627 |             "name": "Safedog",
628 |             "regex": "Server: Safedog|safedogsite/broswer_logo\\.jpg|404\\.safedog\\.cn/sitedog_stat\\.html|404\\.safedog\\.cn/images/safedogsite/head\\.png",
629 |             "signatures": [
630 |                 "0ee1:RVdXu261OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AA16FcPhJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD",
631 |                 "28a0:RVZXu261OEhCWapBYKcPk4JzWOpohM4IiUcMr2RXg1uQJbX3uhdOnthsOj+hX7AA16FcPhJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC",
632 |                 "90fa:RVZXu261OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AA16FcPhJOdLoXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD"
633 |             ]
634 |         },
635 |         "safeline": {
636 |             "company": "Chaitin Tech",
637 |             "name": "SafeLine Next Gen WAF",
638 |             "regex": "<!\\-\\- event_id: [0-9a-f]{32} \\-\\->",
639 |             "signatures": []
640 |         },
641 |         "secureentry": {
642 |             "company": "United Security Providers",
643 |             "name": "Secure Entry Server",
644 |             "regex": "Server: Secure Entry Server",
645 |             "signatures": [
646 |                 "6249:RVZXum60OEhCWKpAYKYPk4JzWOpohM4IiUcMr2RWg1uQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC"
647 |             ]
648 |         },
649 |         "secureiis": {
650 |             "company": "BeyondTrust",
651 |             "name": "SecureIIS Web Server Security",
652 |             "regex": "//www\\.eeye\\.com/SecureIIS/|\\?subject=[^>]*SecureIIS Error|SecureIIS[^<]+Web Server Protection",
653 |             "signatures": [
654 |                 "b43e:RVZXum60OEhCWKpAYKYPkoJzWOtohM4IiUcMrmRWg1qQJbX3uhdOnthsOj+hX7AB16BcPhJOdLoXo2tKaK99n+i6c4VmkwI3FZnxtDtBeq6c36A4chS1XaTC",
655 |                 "71c7:RVZXum61OElCWKpAYKYPk4JyWOpohc4IiUYMr2RWg1uQJbX2uhdOnthtOj+hXrAB16FcPhJOdLoXo2tLaK99nui7c4RmkwI2FZjxtDtAeq+c36A4chW1XaTC",
656 |                 "f2ed:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJbX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4VmkwI3FZjxtDtAeq6c36A4chS1XaTC"
657 |             ]
658 |         },
659 |         "secupress": {
660 |             "company": "SecuPress",
661 |             "name": "SecuPress",
662 |             "regex": "<h1>SecuPress</h1><h2>\\d{3}",
663 |             "signatures": [
664 |                 "bcb4:RVZXum60OEhCWKpAYKYPkoJyWOpohc4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC"
665 |             ]
666 |         },
667 |         "shieldsecurity": {
668 |             "company": "One Dollar Plugin",
669 |             "name": "Shield Security",
670 |             "regex": "Something in the URL, Form or Cookie data wasn't appropriate",
671 |             "signatures": [
672 |                 "e41d:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD",
673 |                 "389c:RVZXum61OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD",
674 |                 "a79a:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTD"
675 |             ]
676 |         },
677 |         "securesphere": {
678 |             "company": "Imperva",
679 |             "name": "SecureSphere",
680 |             "regex": "<H2>Error</H2>.+?#FEEE7A.+?<STRONG>Error</STRONG>|Contact support for additional information.<br/>The incident ID is: (\\d{19}|N/A)",
681 |             "signatures": [
682 |                 "c055:RVZXum60OEhCWapAYKYPkoJzWOpohM4JiUcMr2RWg1uQJbX2uhZOnthsOj+hX7AB16FcPxJPdLoXomtKaK59n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
683 |                 "f460:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
684 |                 "9113:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
685 |                 "dc2c:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
686 |                 "599d:RVZXum60OEhCWapBYKYPk4JzWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC",
687 |                 "a86e:RVZXum60OEhCWapBYKYPk4JyWOtohM4JiUcMr2RWg1uQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXo2tKaK99n+i6c4RmkgI2FZjxtDtAeq+c36A4chS1XaTC",
688 |                 "81ca:RVZXum60OEhCWapBYKYPk4JzWOtohM4IiUcMr2RWg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC"
689 |             ]
690 |         },
691 |         "siteground": {
692 |             "company": "SiteGround",
693 |             "name": "SiteGround",
694 |             "regex": "The page you are trying to access is restricted due to a security rule|Our system thinks you might be a robot!|/.well-known/captcha/",
695 |             "signatures": [
696 |                 "da25:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA5chW1XKTC"
697 |             ]
698 |         },
699 |         "siteguard": {
700 |             "company": "JP-Secure",
701 |             "name": "SiteGuard",
702 |             "regex": "Powered by SiteGuard|The server refuse to browse the page",
703 |             "signatures": [
704 |                 "6e49:RVZXum61OElCWapBYKcPk4JzWOtohM4JiUYMr2RWg1qQJbX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
705 |                 "9839:RVZXum61OElCWapBYKcPk4JzWOtohM4JiUYMr2RWg1qQJbX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq6c36A4chS1XaTC",
706 |                 "bc2d:RVZXum61OElCWapBYKcPk4JzWOtohM4JiUYMr2RWg1qQJLX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC"
707 |             ]
708 |         },
709 |         "sitelock": {
710 |             "company": "SiteLock",
711 |             "name": "TrueShield",
712 |             "regex": "SiteLock Incident ID|SiteLock will remember you and will not show this page again|<span class=\\\"value INCIDENT_ID\\\">",
713 |             "signatures": [],
714 |             "note": "Uses Incapsula (Reference: https://www.whitefirdesign.com/blog/2016/11/08/more-evidence-that-sitelocks-trueshield-web-application-firewall-is-really-incapsulas-waf/)"
715 |         },
716 |         "sniper": {
717 |             "company": "Wins",
718 |             "name": "Sniper",
719 |             "regex": "document\\.title = [^;]+Sniper WAF",
720 |             "signatures": []
721 |         },
722 |         "sonicwall": {
723 |             "company": "Dell",
724 |             "name": "SonicWALL",
725 |             "regex": "Server: SonicWALL|(?s)<title>Web Site Blocked</title>.+?nsa_banner",
726 |             "signatures": [
727 |                 "f85c:RVZXum61OElCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1qQJLX2uhZOnthsOj+hX7AA16FcPxJPdLoXo2tLaK99nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD"
728 |             ]
729 |         },
730 |         "sophos": {
731 |             "company": "Sophos",
732 |             "name": "UTM Web Protection",
733 |             "regex": "Powered by UTM Web Protection",
734 |             "signatures": []
735 |         },
736 |         "squarespace": {
737 |             "company": "Squarespace",
738 |             "name": "Squarespace",
739 |             "regex": "(?s) @ .+?BRICK-50",
740 |             "signatures": [
741 |                 "b012:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC",
742 |                 "4381:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOn9hsOj6hXrAA16BcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTC"
743 |             ]
744 |         },
745 |         "stackpath": {
746 |             "company": "StackPath",
747 |             "name": "StackPath",
748 |             "regex": "You performed an action that triggered the service and blocked your request",
749 |             "signatures": [
750 |                 "5ab0:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUYMr2RWg1uQJbX2uhdOn9hsOj+hXrAA16FcPhJOdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD",
751 |                 "7e0a:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUYMr2RWg1uQJbX2uhdOn9htOj+hXrAA16FcPxJOdLsXomtKaK59n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD"
752 |             ]
753 |         },
754 |         "sucuri": {
755 |             "company": "Sucuri",
756 |             "name": "Sucuri",
757 |             "regex": "Access Denied - Sucuri Website Firewall|Sucuri WebSite Firewall - CloudProxy - Access Denied|Questions\\?.+cloudproxy@sucuri\\.net",
758 |             "signatures": [
759 |                 "60a9:RVZXum61OElCWapAYKYPk4JzWOpohM4JiUYMr2RXg1uQJbX3uhdOn9htOj+hXrAB16FcPxJPdLsXo2tLaK99n+i7c4RmkwI2FZjxtDtAeq+c36A5chW1XaTC"
760 |             ]
761 |         },
762 |         "tencent": {
763 |             "company": "Tencent Cloud Computing",
764 |             "name": "Tencent Cloud|Waterproof Wall",
765 |             "regex": "waf\\.tencent-cloud\\.com|window.location.href=.https://waf.tencent.com/501page.html",
766 |             "signatures": [
767 |                 "3f82:RVZXum60OEhCWapBYKcPk4JzWOpohM4IiUYMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tKaK99nui7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTD"
768 |             ]
769 |         },
770 |         "tmg": {
771 |             "company": "Microsoft",
772 |             "name": "Forefront Threat Management Gateway",
773 |             "regex": "",
774 |             "signatures": [
775 |                 "4d00:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUYMr2RWg1qQJLX3uhdOnthsOj+hX7AB16BcPhJPdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c3qA4chS1XaTC"
776 |             ]
777 |         },
778 |         "urlmaster": {
779 |             "company": "iFinity/DotNetNuke",
780 |             "name": "Url Master SecurityCheck",
781 |             "regex": "UrlRewriteModule\\.SecurityCheck|X-UrlMaster-(Debug|Ex):",
782 |             "signatures": [
783 |                 "ddd8:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC"
784 |             ]
785 |         },
786 |         "urlscan": {
787 |             "company": "Microsoft",
788 |             "name": "UrlScan",
789 |             "regex": "Rejected-By-UrlScan",
790 |             "signatures": [
791 |                 "0294:RVdXum60OEhCWKpAYKYPk4JyWOpohM4IiUYMrmRXg1qQJLX2uhdOn9htOj+hXrAB16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC"
792 |             ]
793 |         },
794 |         "vercel": {
795 |             "company": "Vercel",
796 |             "name": "Vercel",
797 |             "regex": "<title>Vercel Security Checkpoint</title>|/vercel/security/",
798 |             "signatures": []
799 |         },
800 |         "vfw": {
801 |             "company": "OWASP",
802 |             "name": "Varnish Firewall",
803 |             "regex": "Request rejected by xVarnish-WAF",
804 |             "signatures": []
805 |         },
806 |         "virusdie": {
807 |             "company": "Virusdie LLC",
808 |             "name": "Virusdie",
809 |             "regex": "Virusdie</title>|http://cdn\\.virusdie\\.ru/splash/firewallstop\\.png|<meta name=\\\"FW_BLOCK\\\"",
810 |             "signatures": []
811 |         },
812 |         "vsf": {
813 |             "company": "Varnish Cache Project",
814 |             "name": "Varnish Security Firewall",
815 |             "regex": "<title>403 Naughty, not nice!</title>",
816 |             "signatures": [
817 |                 "26fa:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUcMr2RXg1qQJLX3uhZOnthsOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTD"
818 |             ]
819 |         },
820 |         "wallarm": {
821 |             "company": "Wallarm",
822 |             "name": "Wallarm",
823 |             "regex": "Server: nginx-wallarm",
824 |             "signatures": [
825 |                 "c02b:RVZXu261OElCWapBYKcPk4JzWOpohM4JiUcMr2RWg1uQJbX3uhdOnthsOj+hXrAB16FcPxJOdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC"
826 |             ]
827 |         },
828 |         "wapples": {
829 |             "company": "Penta Security",
830 |             "name": "Wapples",
831 |             "regex": "",
832 |             "signatures": [
833 |                 "60b7:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1uQJLX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC"
834 |             ]
835 |         },
836 |         "watchguard": {
837 |             "company": "WatchGuard Technologies",
838 |             "name": "WatchGuard",
839 |             "regex": "Server: WatchGuard|Request denied by WatchGuard Firewall",
840 |             "signatures": [
841 |                 "4f4f:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RWg1uQJLX2uhZOnthsOj+hXrAA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC",
842 |                 "2a3c:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX2uhZOnthsOj+hX7AA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC",
843 |                 "aa64:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX2uhZOnthsOj+hX7AA16FcPhJOdLoXomtKaK59nui7c4RmkgI3FZjxtDtAeq+c3qA4chW1XaTC"
844 |             ]
845 |         },
846 |         "webarx": {
847 |             "company": "WebARX",
848 |             "name": "WebARX",
849 |             "regex": "/wp-content/plugins/webarx/includes/|This request has been blocked by.+?>WebARX<",
850 |             "signatures": []
851 |         },
852 |         "webknight": {
853 |             "company": "AQTRONIX",
854 |             "name": "WebKnight",
855 |             "regex": "WebKnight Application Firewall Alert|AQTRONIX WebKnight|HTTP Error 999\\.0 - AW Special Error",
856 |             "signatures": [
857 |                 "80f9:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJbX2uhdOnthtOj+hXrAB16FcPhJPdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
858 |                 "73e5:RVZXum60OEhCWKpAYKYPk4JyWOtohM4JiUcMrmRXg1uQJbX3uhZOnthsOj6hX7AA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XaTC",
859 |                 "d0f0:RVdXum60OEhCWKpAYKYPk4JyWOtohM4JiUcMrmRXg1uQJbX3uhdOn9htOj+hX7AA16FcPxJOdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC",
860 |                 "f0c3:RVZXum61OElCWKpAYKYPk4JyWOtohM4JiUcMr2RXg1uQJbX3uhZOnthsOj6hX7AA16BcPhJOdLoXo2tKaK59n+i6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
861 |                 "6763:RVZXum61OElCWKpAYKYPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
862 |                 "7701:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJbX2uhdOn9htOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
863 |                 "902b:RVdXum60OEhCWKpAYKYPk4JyWOpohM4IiUYMrmRXg1qQJbX2uhdOn9htOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c36A4chW1XaTC",
864 |                 "4d4d:RVdXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJbX2uhdOn9htOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC",
865 |                 "17a8:RVZXum60OEhCWKpAYKYPkoJyWOpohM4JiUcMrmRXg1qQJbX3uhdOnthtOj+hXrAB16FcPhJPdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq+c3qA4chS1XKTC"
866 |             ]
867 |         },
868 |         "webland": {
869 |             "company": "WebLand",
870 |             "name": "WebLand",
871 |             "regex": "Server: Apache Protected by Webland WAF",
872 |             "signatures": [
873 |                 "4ba0:RVZXum60OEhCWKpAYKYPkoJzWOpohc4IiUYMr2RWg1uQJLX3uhZOnthsOj6hXrAA16BcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC"
874 |             ]
875 |         },
876 |         "webseal": {
877 |             "company": "IBM",
878 |             "name": "WebSEAL",
879 |             "regex": "(?i)Server: WebSEAL|This is a WebSEAL error message template file|The Access Manager WebSEAL server received an invalid HTTP request",
880 |             "signatures": [
881 |                 "0338:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRWg1qQJLX2uhZOnthtOj+hXrAA16FcPhJOdLoXomtKaK59nui6c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC"
882 |             ]
883 |         },
884 |         "webtotem": {
885 |             "company": "WebTotem",
886 |             "name": "WebTotem",
887 |             "regex": "The current request was blocked by.+?>WebTotem<",
888 |             "signatures": []
889 |         },
890 |         "wordfence": {
891 |             "company": "Defiant",
892 |             "name": "Wordfence",
893 |             "regex": "Generated by Wordfence|This response was generated by Wordfence|broke one of the Wordfence (advanced )?blocking rules|: wfWAF|/plugins/wordfence",
894 |             "signatures": [
895 |                 "d04a:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC",
896 |                 "26b1:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAA16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC",
897 |                 "09cf:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtBeq6c3qA4chW1XaTC",
898 |                 "1834:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX3uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c36A4chW1XaTC",
899 |                 "d38c:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkwI3FZjxtDtAeq6c3qA4chW1XaTC",
900 |                 "d5bb:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1uQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC",
901 |                 "3f1c:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTD",
902 |                 "dbfe:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA5chW1XaTC",
903 |                 "5b85:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMr2RXg1uQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA5chW1XaTD",
904 |                 "f806:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hX7AB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC",
905 |                 "0f0d:RVZXum61OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkwI3FZjxtDtAeq6c3qA4chW1XaTC",
906 |                 "b13e:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJbX3uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC",
907 |                 "40eb:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16BcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XaTC",
908 |                 "93cd:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chS1XKTC",
909 |                 "ba7d:RVZXum60OEhCWKpAYKYPkoJyWOpohM4IiUYMrmRXg1qQJLX2uhdOnthtOj+hXrAB16FcPxJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq6c3qA4chW1XKTC"
910 |             ]
911 |         },
912 |         "wts": {
913 |             "company": "WTS",
914 |             "name": "WTS",
915 |             "regex": "Server: wts/|>WTS\\-WAF",
916 |             "signatures": [
917 |                 "e94f:RVZXum61OElCWapAYKYPkoJzWOpohM4JiUcMr2RXg1uQJLX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC",
918 |                 "12ce:RVZXum61OElCWapAYKYPkoJzWOpohM4IiUYMr2RWg1uQJLX3uhdOnthtOj+hX7AB16FcPhJPdLsXo2tKaK99n+i7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC"
919 |             ]
920 |         },
921 |         "yundun": {
922 |             "company": "Yundun",
923 |             "name": "Yundun",
924 |             "regex": "Blocked by YUNDUN Cloud WAF|yundun\\.com/yd_http_error/",
925 |             "signatures": [
926 |                 "4853:RVZXum61OEhCWapBYKcPk4JzWOtohM4JiUcMr2RXg1uQJbX3uhdOnthtOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4RmkgI2FZjxtDtAeq+c36A5chW1XaTC"
927 |             ]
928 |         },
929 |         "yunsuo": {
930 |             "company": "Yunsuo",
931 |             "name": "Yunsuo",
932 |             "regex": "yunsuo_session|<img class=\\\"yunsuologo\\\"",
933 |             "signatures": [
934 |                 "441b:RVZXum60OEhCWKpAYKYPkoJzWOtohM4JiUcMr2RXg1uQJbX3uhdOnthsOj+hX7AA16FcPxJOdLoXomtKaK59nui7c4VmkgI2FZjxtDtAeq+c3qA4chW1XKTC",
935 |                 "e795:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthsOj+hX7AB16FcPhJPdLsXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XaTC",
936 |                 "7b8e:RVZXum60OEhCWKpAYKYPkoJzWOpohM4JiUcMr2RXg1uQJbX3uhdOnthsOj+hX7AA16FcPhJOdLoXomtKaK59nui7c4RmkgI2FZjxtDtAeq+c3qA4chW1XKTC"
937 |             ]
938 |         },
939 |         "zenedge": {
940 |             "company": "Zenedge",
941 |             "name": "Zenedge",
942 |             "regex": "(?s)Server: ZENEDGE.+?<div class=\\\"number\\\">403</div>",
943 |             "signatures": [
944 |                 "a8fb:RVdXu260OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI2FZnxtDtBeq+c36A4chW1XaTD",
945 |                 "ba3d:RVdXu260OEhCWapBYKcPk4JzWOpohM4JiUcMr2RXg1uQJbX3uhdOn9htOj+hX7AB16FcPxJPdLsXo2tLaK99n+i7c4VmkwI2FZjxtDtAeq+c36A4chW1XaTD"
946 |             ]
947 |         }
948 |     }
949 | }
950 | 


--------------------------------------------------------------------------------
/identYwaf.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | 
  3 | """
  4 | Copyright (c) 2019-2022 Miroslav Stampar (@stamparm), MIT
  5 | See the file 'LICENSE' for copying permission
  6 | 
  7 | The above copyright notice and this permission notice shall be included in
  8 | all copies or substantial portions of the Software.
  9 | """
 10 | 
 11 | from __future__ import print_function
 12 | 
 13 | import base64
 14 | import codecs
 15 | import difflib
 16 | import json
 17 | import locale
 18 | import optparse
 19 | import os
 20 | import random
 21 | import re
 22 | import ssl
 23 | import socket
 24 | import string
 25 | import struct
 26 | import sys
 27 | import time
 28 | import zlib
 29 | 
 30 | PY3 = sys.version_info >= (3, 0)
 31 | 
 32 | if PY3:
 33 |     import http.cookiejar
 34 |     import http.client as httplib
 35 |     import urllib.request
 36 | 
 37 |     build_opener = urllib.request.build_opener
 38 |     install_opener = urllib.request.install_opener
 39 |     quote = urllib.parse.quote
 40 |     urlopen = urllib.request.urlopen
 41 |     CookieJar = http.cookiejar.CookieJar
 42 |     ProxyHandler = urllib.request.ProxyHandler
 43 |     Request = urllib.request.Request
 44 |     HTTPCookieProcessor = urllib.request.HTTPCookieProcessor
 45 | 
 46 |     xrange = range
 47 | else:
 48 |     import cookielib
 49 |     import httplib
 50 |     import urllib
 51 |     import urllib2
 52 | 
 53 |     build_opener = urllib2.build_opener
 54 |     install_opener = urllib2.install_opener
 55 |     quote = urllib.quote
 56 |     urlopen = urllib2.urlopen
 57 |     CookieJar = cookielib.CookieJar
 58 |     ProxyHandler = urllib2.ProxyHandler
 59 |     Request = urllib2.Request
 60 |     HTTPCookieProcessor = urllib2.HTTPCookieProcessor
 61 | 
 62 | NAME = "identYwaf"
 63 | VERSION = "1.0.135"
 64 | BANNER = r"""
 65 |                                    ` __ __ `
 66 |  ____  ___      ___  ____   ______ `|  T  T` __    __   ____  _____ 
 67 | l    j|   \    /  _]|    \ |      T`|  |  |`|  T__T  T /    T|   __|
 68 |  |  T |    \  /  [_ |  _  Yl_j  l_j`|  ~  |`|  |  |  |Y  o  ||  l_
 69 |  |  | |  D  YY    _]|  |  |  |  |  `|___  |`|  |  |  ||     ||   _|
 70 |  j  l |     ||   [_ |  |  |  |  |  `|     !` \      / |  |  ||  ] 
 71 | |____jl_____jl_____jl__j__j  l__j  `l____/ `  \_/\_/  l__j__jl__j  (%s)%s""".strip("\n") % (VERSION, "\n")
 72 | 
 73 | RAW, TEXT, HTTPCODE, SERVER, TITLE, HTML, URL = xrange(7)
 74 | COOKIE, UA, REFERER = "Cookie", "User-Agent", "Referer"
 75 | GET, POST = "GET", "POST"
 76 | GENERIC_PROTECTION_KEYWORDS = ("rejected", "forbidden", "suspicious", "malicious", "captcha", "invalid", "your ip", "please contact", "terminated", "protected", "unauthorized", "blocked", "protection", "incident", "denied", "detected", "dangerous", "firewall", "fw_block", "unusual activity", "bad request", "request id", "injection", "permission", "not acceptable", "security policy", "security reasons")
 77 | GENERIC_PROTECTION_REGEX = r"(?i)\b(%s)\b"
 78 | GENERIC_ERROR_MESSAGE_REGEX = r"\b[A-Z][\w, '-]*(protected by|security|unauthorized|detected|attack|error|rejected|allowed|suspicious|automated|blocked|invalid|denied|permission)[\w, '!-]*"
 79 | WAF_RECOGNITION_REGEX = None
 80 | HEURISTIC_PAYLOAD = "1 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"  # Reference: https://github.com/sqlmapproject/sqlmap/blob/master/lib/core/settings.py
 81 | PAYLOADS = []
 82 | SIGNATURES = {}
 83 | DATA_JSON = {}
 84 | DATA_JSON_FILE = os.path.join(os.path.dirname(__file__), "data.json")
 85 | MAX_HELP_OPTION_LENGTH = 18
 86 | IS_TTY = sys.stdout.isatty()
 87 | IS_WIN = os.name == "nt"
 88 | COLORIZE = not IS_WIN and IS_TTY
 89 | LEVEL_COLORS = {"o": "\033[00;94m", "x": "\033[00;91m", "!": "\033[00;93m", "i": "\033[00;95m", "=": "\033[00;93m", "+": "\033[00;92m", "-": "\033[00;91m"}
 90 | VERIFY_OK_INTERVAL = 5
 91 | VERIFY_RETRY_TIMES = 3
 92 | MIN_MATCH_PARTIAL = 5
 93 | DEFAULTS = {"timeout": 10}
 94 | MAX_MATCHES = 5
 95 | QUICK_RATIO_THRESHOLD = 0.2
 96 | MAX_JS_CHALLENGE_SNAPLEN = 120
 97 | ENCODING_TRANSLATIONS = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8", "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "iso-8859-0": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932", "en": "us"}  # Reference: https://github.com/sqlmapproject/sqlmap/blob/master/lib/request/basic.py
 98 | PROXY_TESTING_PAGE = "https://myexternalip.com/raw"
 99 | 
100 | if COLORIZE:
101 |     for _ in re.findall(r"`.+?`", BANNER):
102 |         BANNER = BANNER.replace(_, "\033[01;92m%s\033[00;49m" % _.strip('`'))
103 |     for _ in re.findall(r" [Do] ", BANNER):
104 |         BANNER = BANNER.replace(_, "\033[01;93m%s\033[00;49m" % _.strip('`'))
105 |     BANNER = re.sub(VERSION, r"\033[01;91m%s\033[00;49m" % VERSION, BANNER)
106 | else:
107 |     BANNER = BANNER.replace('`', "")
108 | 
109 | _ = random.randint(20, 64)
110 | DEFAULT_USER_AGENT = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; %s; rv:%d.0) Gecko/20100101 Firefox/%d.0" % (NAME, _, _)
111 | HEADERS = {"User-Agent": DEFAULT_USER_AGENT, "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "identity", "Cache-Control": "max-age=0"}
112 | 
113 | original = None
114 | options = None
115 | intrusive = None
116 | heuristic = None
117 | chained = False
118 | locked_code = None
119 | locked_regex = None
120 | non_blind = set()
121 | seen = set()
122 | blocked = []
123 | servers = set()
124 | codes = set()
125 | proxies = list()
126 | proxies_index = 0
127 | 
128 | _exit = sys.exit
129 | 
130 | def exit(message=None):
131 |     if message:
132 |         print("%s%s" % (message, ' ' * 20))
133 |     _exit(1)
134 | 
135 | def retrieve(url, data=None):
136 |     global proxies_index
137 | 
138 |     retval = {}
139 | 
140 |     if proxies:
141 |         while True:
142 |             try:
143 |                 opener = build_opener(ProxyHandler({"http": proxies[proxies_index], "https": proxies[proxies_index]}))
144 |                 install_opener(opener)
145 |                 proxies_index = (proxies_index + 1) % len(proxies)
146 |                 urlopen(PROXY_TESTING_PAGE).read()
147 |             except KeyboardInterrupt:
148 |                 raise
149 |             except:
150 |                 pass
151 |             else:
152 |                 break
153 | 
154 |     try:
155 |         req = Request("".join(url[_].replace(' ', "%20") if _ > url.find('?') else url[_] for _ in xrange(len(url))), data, HEADERS)
156 |         resp = urlopen(req, timeout=options.timeout)
157 |         retval[URL] = resp.url
158 |         retval[HTML] = resp.read()
159 |         retval[HTTPCODE] = resp.code
160 |         retval[RAW] = "%s %d %s\n%s\n%s" % (httplib.HTTPConnection._http_vsn_str, retval[HTTPCODE], resp.msg, str(resp.headers), retval[HTML])
161 |     except Exception as ex:
162 |         retval[URL] = getattr(ex, "url", url)
163 |         retval[HTTPCODE] = getattr(ex, "code", None)
164 |         try:
165 |             retval[HTML] = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", str(ex))
166 |         except:
167 |             retval[HTML] = ""
168 |         retval[RAW] = "%s %s %s\n%s\n%s" % (httplib.HTTPConnection._http_vsn_str, retval[HTTPCODE] or "", getattr(ex, "msg", ""), str(ex.headers) if hasattr(ex, "headers") else "", retval[HTML])
169 | 
170 |     for encoding in re.findall(r"charset=[\s\"']?([\w-]+)", retval[RAW])[::-1] + ["utf8"]:
171 |         encoding = ENCODING_TRANSLATIONS.get(encoding, encoding)
172 |         try:
173 |             retval[HTML] = retval[HTML].decode(encoding, errors="replace")
174 |             break
175 |         except:
176 |             pass
177 | 
178 |     match = re.search(r"<title>\s*(?P<result>[^<]+?)\s*</title>", retval[HTML], re.I)
179 |     retval[TITLE] = match.group("result") if match and "result" in match.groupdict() else None
180 |     retval[TEXT] = re.sub(r"(?si)<script.+?</script>|<!--.+?-->|<style.+?</style>|<[^>]+>|\s+", " ", retval[HTML])
181 |     match = re.search(r"(?im)^Server: (.+)", retval[RAW])
182 |     retval[SERVER] = match.group(1).strip() if match else ""
183 |     return retval
184 | 
185 | def calc_hash(value, binary=True):
186 |     value = value.encode("utf8") if not isinstance(value, bytes) else value
187 |     result = zlib.crc32(value) & 0xffff
188 |     if binary:
189 |         result = struct.pack(">H", result)
190 |     return result
191 | 
192 | def single_print(message):
193 |     if message not in seen:
194 |         print(message)
195 |         seen.add(message)
196 | 
197 | def check_payload(payload, protection_regex=GENERIC_PROTECTION_REGEX % '|'.join(GENERIC_PROTECTION_KEYWORDS)):
198 |     global chained
199 |     global heuristic
200 |     global intrusive
201 |     global locked_code
202 |     global locked_regex
203 | 
204 |     time.sleep(options.delay or 0)
205 |     if options.post:
206 |         _ = "%s=%s" % ("".join(random.sample(string.ascii_letters, 3)), quote(payload))
207 |         intrusive = retrieve(options.url, _)
208 |     else:
209 |         _ = "%s%s%s=%s" % (options.url, '?' if '?' not in options.url else '&', "".join(random.sample(string.ascii_letters, 3)), quote(payload))
210 |         intrusive = retrieve(_)
211 | 
212 |     if options.lock and not payload.isdigit():
213 |         if payload == HEURISTIC_PAYLOAD:
214 |             match = re.search(re.sub(r"Server:|Protected by", "".join(random.sample(string.ascii_letters, 6)), WAF_RECOGNITION_REGEX, flags=re.I), intrusive[RAW] or "")
215 |             if match:
216 |                 result = True
217 | 
218 |                 for _ in match.groupdict():
219 |                     if match.group(_):
220 |                         waf = re.sub(r"\Awaf_", "", _)
221 |                         locked_regex = DATA_JSON["wafs"][waf]["regex"]
222 |                         locked_code = intrusive[HTTPCODE]
223 |                         break
224 |             else:
225 |                 result = False
226 | 
227 |             if not result:
228 |                 exit(colorize("[x] can't lock results to a non-blind match"))
229 |         else:
230 |             result = re.search(locked_regex, intrusive[RAW]) is not None and locked_code == intrusive[HTTPCODE]
231 |     elif options.string:
232 |         result = options.string in (intrusive[RAW] or "")
233 |     elif options.code:
234 |         result = options.code == intrusive[HTTPCODE]
235 |     else:
236 |         result = intrusive[HTTPCODE] != original[HTTPCODE] or (intrusive[HTTPCODE] != 200 and intrusive[TITLE] != original[TITLE]) or (re.search(protection_regex, intrusive[HTML]) is not None and re.search(protection_regex, original[HTML]) is None) or (difflib.SequenceMatcher(a=original[HTML] or "", b=intrusive[HTML] or "").quick_ratio() < QUICK_RATIO_THRESHOLD)
237 | 
238 |     if not payload.isdigit():
239 |         if result:
240 |             if options.debug:
241 |                 print("\r---%s" % (40 * ' '))
242 |                 print(payload)
243 |                 print(intrusive[HTTPCODE], intrusive[RAW])
244 |                 print("---")
245 | 
246 |             if intrusive[SERVER]:
247 |                 servers.add(re.sub(r"\s*\(.+\)\Z", "", intrusive[SERVER]))
248 |                 if len(servers) > 1:
249 |                     chained = True
250 |                     single_print(colorize("[!] multiple (reactive) rejection HTTP 'Server' headers detected (%s)" % ', '.join("'%s'" % _ for _ in sorted(servers))))
251 | 
252 |             if intrusive[HTTPCODE]:
253 |                 codes.add(intrusive[HTTPCODE])
254 |                 if len(codes) > 1:
255 |                     chained = True
256 |                     single_print(colorize("[!] multiple (reactive) rejection HTTP codes detected (%s)" % ', '.join("%s" % _ for _ in sorted(codes))))
257 | 
258 |             if heuristic and heuristic[HTML] and intrusive[HTML] and difflib.SequenceMatcher(a=heuristic[HTML] or "", b=intrusive[HTML] or "").quick_ratio() < QUICK_RATIO_THRESHOLD:
259 |                 chained = True
260 |                 single_print(colorize("[!] multiple (reactive) rejection HTML responses detected"))
261 | 
262 |     if payload == HEURISTIC_PAYLOAD:
263 |         heuristic = intrusive
264 | 
265 |     return result
266 | 
267 | def colorize(message):
268 |     if COLORIZE:
269 |         message = re.sub(r"\[(.)\]", lambda match: "[%s%s\033[00;49m]" % (LEVEL_COLORS[match.group(1)], match.group(1)), message)
270 | 
271 |         if any(_ in message for _ in ("rejected summary", "challenge detected")):
272 |             for match in re.finditer(r"[^\w]'([^)]+)'" if "rejected summary" in message else r"\('(.+)'\)", message):
273 |                 message = message.replace("'%s'" % match.group(1), "'\033[37m%s\033[00;49m'" % match.group(1), 1)
274 |         else:
275 |             for match in re.finditer(r"[^\w]'([^']+)'", message):
276 |                 message = message.replace("'%s'" % match.group(1), "'\033[37m%s\033[00;49m'" % match.group(1), 1)
277 | 
278 |         if "blind match" in message:
279 |             for match in re.finditer(r"\(((\d+)%)\)", message):
280 |                 message = message.replace(match.group(1), "\033[%dm%s\033[00;49m" % (92 if int(match.group(2)) >= 95 else (93 if int(match.group(2)) > 80 else 90), match.group(1)))
281 | 
282 |         if "hardness" in message:
283 |             for match in re.finditer(r"\(((\d+)%)\)", message):
284 |                 message = message.replace(match.group(1), "\033[%dm%s\033[00;49m" % (95 if " insane " in message else (91 if " hard " in message else (93 if " moderate " in message else 92)), match.group(1)))
285 | 
286 |     return message
287 | 
288 | def parse_args():
289 |     global options
290 | 
291 |     parser = optparse.OptionParser(version=VERSION)
292 |     parser.add_option("--delay", dest="delay", type=int, help="Delay (sec) between tests (default: 0)")
293 |     parser.add_option("--timeout", dest="timeout", type=int, help="Response timeout (sec) (default: 10)")
294 |     parser.add_option("--proxy", dest="proxy", help="HTTP proxy address (e.g. \"http://127.0.0.1:8080\")")
295 |     parser.add_option("--proxy-file", dest="proxy_file", help="Load (rotating) HTTP(s) proxy list from a file")
296 |     parser.add_option("--random-agent", dest="random_agent", action="store_true", help="Use random HTTP User-Agent header value")
297 |     parser.add_option("--code", dest="code", type=int, help="Expected HTTP code in rejected responses")
298 |     parser.add_option("--string", dest="string", help="Expected string in rejected responses")
299 |     parser.add_option("--post", dest="post", action="store_true", help="Use POST body for sending payloads")
300 |     parser.add_option("--debug", dest="debug", action="store_true", help=optparse.SUPPRESS_HELP)
301 |     parser.add_option("--fast", dest="fast", action="store_true", help=optparse.SUPPRESS_HELP)
302 |     parser.add_option("--lock", dest="lock", action="store_true", help=optparse.SUPPRESS_HELP)
303 | 
304 |     # Dirty hack(s) for help message
305 |     def _(self, *args):
306 |         retval = parser.formatter._format_option_strings(*args)
307 |         if len(retval) > MAX_HELP_OPTION_LENGTH:
308 |             retval = ("%%.%ds.." % (MAX_HELP_OPTION_LENGTH - parser.formatter.indent_increment)) % retval
309 |         return retval
310 | 
311 |     parser.usage = "python %s <host|url>" % parser.usage
312 |     parser.formatter._format_option_strings = parser.formatter.format_option_strings
313 |     parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser)
314 | 
315 |     for _ in ("-h", "--version"):
316 |         option = parser.get_option(_)
317 |         option.help = option.help.capitalize()
318 | 
319 |     try:
320 |         options, _ = parser.parse_args()
321 |     except SystemExit:
322 |         raise
323 | 
324 |     if len(sys.argv) > 1:
325 |         url = sys.argv[-1]
326 |         if not url.startswith("http"):
327 |             url = "http://%s" % url
328 |         options.url = url
329 |     else:
330 |         parser.print_help()
331 |         raise SystemExit
332 | 
333 |     for key in DEFAULTS:
334 |         if getattr(options, key, None) is None:
335 |             setattr(options, key, DEFAULTS[key])
336 | 
337 | def load_data():
338 |     global WAF_RECOGNITION_REGEX
339 | 
340 |     if os.path.isfile(DATA_JSON_FILE):
341 |         with codecs.open(DATA_JSON_FILE, "rb", encoding="utf8") as f:
342 |             DATA_JSON.update(json.load(f))
343 | 
344 |         WAF_RECOGNITION_REGEX = ""
345 |         for waf in DATA_JSON["wafs"]:
346 |             if DATA_JSON["wafs"][waf]["regex"]:
347 |                 WAF_RECOGNITION_REGEX += "%s|" % ("(?P<waf_%s>%s)" % (waf, DATA_JSON["wafs"][waf]["regex"]))
348 |             for signature in DATA_JSON["wafs"][waf]["signatures"]:
349 |                 SIGNATURES[signature] = waf
350 |         WAF_RECOGNITION_REGEX = WAF_RECOGNITION_REGEX.strip('|')
351 | 
352 |         flags = "".join(set(_ for _ in "".join(re.findall(r"\(\?(\w+)\)", WAF_RECOGNITION_REGEX))))
353 |         WAF_RECOGNITION_REGEX = "(?%s)%s" % (flags, re.sub(r"\(\?\w+\)", "", WAF_RECOGNITION_REGEX))  # patch for "DeprecationWarning: Flags not at the start of the expression" in Python3.7
354 |     else:
355 |         exit(colorize("[x] file '%s' is missing" % DATA_JSON_FILE))
356 | 
357 | def init():
358 |     os.chdir(os.path.abspath(os.path.dirname(__file__)))
359 | 
360 |     # Reference: http://blog.mathieu-leplatre.info/python-utf-8-print-fails-when-redirecting-stdout.html
361 |     if not PY3 and not IS_TTY:
362 |         sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout)
363 | 
364 |     print(colorize("[o] initializing handlers..."))
365 | 
366 |     # Reference: https://stackoverflow.com/a/28052583
367 |     if hasattr(ssl, "_create_unverified_context"):
368 |         ssl._create_default_https_context = ssl._create_unverified_context
369 | 
370 |     if options.proxy_file:
371 |         if os.path.isfile(options.proxy_file):
372 |             print(colorize("[o] loading proxy list..."))
373 | 
374 |             with codecs.open(options.proxy_file, "rb", encoding="utf8") as f:
375 |                 proxies.extend(re.sub(r"\s.*", "", _.strip()) for _ in f.read().strip().split('\n') if _.startswith("http"))
376 |                 random.shuffle(proxies)
377 |         else:
378 |             exit(colorize("[x] file '%s' does not exist" % options.proxy_file))
379 | 
380 | 
381 |     cookie_jar = CookieJar()
382 |     opener = build_opener(HTTPCookieProcessor(cookie_jar))
383 |     install_opener(opener)
384 | 
385 |     if options.proxy:
386 |         opener = build_opener(ProxyHandler({"http": options.proxy, "https": options.proxy}))
387 |         install_opener(opener)
388 | 
389 |     if options.random_agent:
390 |         revision = random.randint(20, 64)
391 |         platform = random.sample(("X11; %s %s" % (random.sample(("Linux", "Ubuntu; Linux", "U; Linux", "U; OpenBSD", "U; FreeBSD"), 1)[0], random.sample(("amd64", "i586", "i686", "amd64"), 1)[0]), "Windows NT %s%s" % (random.sample(("5.0", "5.1", "5.2", "6.0", "6.1", "6.2", "6.3", "10.0"), 1)[0], random.sample(("", "; Win64", "; WOW64"), 1)[0]), "Macintosh; Intel Mac OS X 10.%s" % random.randint(1, 11)), 1)[0]
392 |         user_agent = "Mozilla/5.0 (%s; rv:%d.0) Gecko/20100101 Firefox/%d.0" % (platform, revision, revision)
393 |         HEADERS["User-Agent"] = user_agent
394 | 
395 | def format_name(waf):
396 |     return "%s%s" % (DATA_JSON["wafs"][waf]["name"], (" (%s)" % DATA_JSON["wafs"][waf]["company"]) if DATA_JSON["wafs"][waf]["name"] != DATA_JSON["wafs"][waf]["company"] else "")
397 | 
398 | def non_blind_check(raw, silent=False):
399 |     retval = False
400 |     match = re.search(WAF_RECOGNITION_REGEX, raw or "")
401 |     if match:
402 |         retval = True
403 |         for _ in match.groupdict():
404 |             if match.group(_):
405 |                 waf = re.sub(r"\Awaf_", "", _)
406 |                 non_blind.add(waf)
407 |                 if not silent:
408 |                     single_print(colorize("[+] non-blind match: '%s'%s" % (format_name(waf), 20 * ' ')))
409 |     return retval
410 | 
411 | def run():
412 |     global original
413 | 
414 |     hostname = options.url.split("//")[-1].split('/')[0].split(':')[0]
415 | 
416 |     if not hostname.replace('.', "").isdigit():
417 |         print(colorize("[i] checking hostname '%s'..." % hostname))
418 |         try:
419 |             socket.getaddrinfo(hostname, None)
420 |         except socket.gaierror:
421 |             exit(colorize("[x] host '%s' does not exist" % hostname))
422 | 
423 |     results = ""
424 |     signature = b""
425 |     counter = 0
426 |     original = retrieve(options.url)
427 | 
428 |     if 300 <= (original[HTTPCODE] or 0) < 400 and original[URL]:
429 |         original = retrieve(original[URL])
430 | 
431 |     options.url = original[URL]
432 | 
433 |     if original[HTTPCODE] is None:
434 |         exit(colorize("[x] missing valid response"))
435 | 
436 |     if not any((options.string, options.code)) and original[HTTPCODE] >= 400:
437 |         non_blind_check(original[RAW])
438 |         if options.debug:
439 |             print("\r---%s" % (40 * ' '))
440 |             print(original[HTTPCODE], original[RAW])
441 |             print("---")
442 |         exit(colorize("[x] access to host '%s' seems to be restricted%s" % (hostname, (" (%d: '<title>%s</title>')" % (original[HTTPCODE], original[TITLE].strip())) if original[TITLE] else "")))
443 | 
444 |     challenge = None
445 |     if all(_ in original[HTML].lower() for _ in ("eval", "<script")):
446 |         match = re.search(r"(?is)<body[^>]*>(.*)</body>", re.sub(r"(?is)<script.+?</script>", "", original[HTML]))
447 |         if re.search(r"(?i)<(body|div)", original[HTML]) is None or (match and len(match.group(1)) == 0):
448 |             challenge = re.search(r"(?is)<script.+</script>", original[HTML]).group(0).replace("\n", "\\n")
449 |             print(colorize("[x] anti-robot JS challenge detected ('%s%s')" % (challenge[:MAX_JS_CHALLENGE_SNAPLEN], "..." if len(challenge) > MAX_JS_CHALLENGE_SNAPLEN else "")))
450 | 
451 |     protection_keywords = GENERIC_PROTECTION_KEYWORDS
452 |     protection_regex = GENERIC_PROTECTION_REGEX % '|'.join(keyword for keyword in protection_keywords if keyword not in original[HTML].lower())
453 | 
454 |     print(colorize("[i] running basic heuristic test..."))
455 |     if not check_payload(HEURISTIC_PAYLOAD):
456 |         check = False
457 |         if options.url.startswith("https://"):
458 |             options.url = options.url.replace("https://", "http://")
459 |             check = check_payload(HEURISTIC_PAYLOAD)
460 |         if not check:
461 |             if non_blind_check(intrusive[RAW]):
462 |                 exit(colorize("[x] unable to continue due to static responses%s" % (" (captcha)" if re.search(r"(?i)captcha", intrusive[RAW]) is not None else "")))
463 |             elif challenge is None:
464 |                 exit(colorize("[x] host '%s' does not seem to be protected" % hostname))
465 |             else:
466 |                 exit(colorize("[x] response not changing without JS challenge solved"))
467 | 
468 |     if options.fast and not non_blind:
469 |         exit(colorize("[x] fast exit because of missing non-blind match"))
470 | 
471 |     if not intrusive[HTTPCODE]:
472 |         print(colorize("[i] rejected summary: RST|DROP"))
473 |     else:
474 |         _ = "...".join(match.group(0) for match in re.finditer(GENERIC_ERROR_MESSAGE_REGEX, intrusive[HTML])).strip().replace("  ", " ")
475 |         print(colorize(("[i] rejected summary: %d ('%s%s')" % (intrusive[HTTPCODE], ("<title>%s</title>" % intrusive[TITLE]) if intrusive[TITLE] else "", "" if not _ or intrusive[HTTPCODE] < 400 else ("...%s" % _))).replace(" ('')", "")))
476 | 
477 |     found = non_blind_check(intrusive[RAW] if intrusive[HTTPCODE] is not None else original[RAW])
478 | 
479 |     if not found:
480 |         print(colorize("[-] non-blind match: -"))
481 | 
482 |     for item in DATA_JSON["payloads"]:
483 |         info, payload = item.split("::", 1)
484 |         counter += 1
485 | 
486 |         if IS_TTY:
487 |             sys.stdout.write(colorize("\r[i] running payload tests... (%d/%d)\r" % (counter, len(DATA_JSON["payloads"]))))
488 |             sys.stdout.flush()
489 | 
490 |         if counter % VERIFY_OK_INTERVAL == 0:
491 |             for i in xrange(VERIFY_RETRY_TIMES):
492 |                 if not check_payload(str(random.randint(1, 9)), protection_regex):
493 |                     break
494 |                 elif i == VERIFY_RETRY_TIMES - 1:
495 |                     exit(colorize("[x] host '%s' seems to be misconfigured or rejecting benign requests%s" % (hostname, (" (%d: '<title>%s</title>')" % (intrusive[HTTPCODE], intrusive[TITLE].strip())) if intrusive[TITLE] else "")))
496 |                 else:
497 |                     time.sleep(5)
498 | 
499 |         last = check_payload(payload, protection_regex)
500 |         non_blind_check(intrusive[RAW])
501 |         signature += struct.pack(">H", ((calc_hash(payload, binary=False) << 1) | last) & 0xffff)
502 |         results += 'x' if last else '.'
503 | 
504 |         if last and info not in blocked:
505 |             blocked.append(info)
506 | 
507 |     _ = calc_hash(signature)
508 |     signature = "%s:%s" % (_.encode("hex") if not hasattr(_, "hex") else _.hex(), base64.b64encode(signature).decode("ascii"))
509 | 
510 |     print(colorize("%s[=] results: '%s'" % ("\n" if IS_TTY else "", results)))
511 | 
512 |     hardness = 100 * results.count('x') // len(results)
513 |     print(colorize("[=] hardness: %s (%d%%)" % ("insane" if hardness >= 80 else ("hard" if hardness >= 50 else ("moderate" if hardness >= 30 else "easy")), hardness)))
514 | 
515 |     if blocked:
516 |         print(colorize("[=] blocked categories: %s" % ", ".join(blocked)))
517 | 
518 |     if not results.strip('.') or not results.strip('x'):
519 |         print(colorize("[-] blind match: -"))
520 | 
521 |         if re.search(r"(?i)captcha", original[HTML]) is not None:
522 |             exit(colorize("[x] there seems to be an activated captcha"))
523 |     else:
524 |         print(colorize("[=] signature: '%s'" % signature))
525 | 
526 |         if signature in SIGNATURES:
527 |             waf = SIGNATURES[signature]
528 |             print(colorize("[+] blind match: '%s' (100%%)" % format_name(waf)))
529 |         elif results.count('x') < MIN_MATCH_PARTIAL:
530 |             print(colorize("[-] blind match: -"))
531 |         else:
532 |             matches = {}
533 |             markers = set()
534 |             decoded = base64.b64decode(signature.split(':')[-1])
535 |             for i in xrange(0, len(decoded), 2):
536 |                 part = struct.unpack(">H", decoded[i: i + 2])[0]
537 |                 markers.add(part)
538 | 
539 |             for candidate in SIGNATURES:
540 |                 counter_y, counter_n = 0, 0
541 |                 decoded = base64.b64decode(candidate.split(':')[-1])
542 |                 for i in xrange(0, len(decoded), 2):
543 |                     part = struct.unpack(">H", decoded[i: i + 2])[0]
544 |                     if part in markers:
545 |                         counter_y += 1
546 |                     elif any(_ in markers for _ in (part & ~1, part | 1)):
547 |                         counter_n += 1
548 |                 result = int(round(100.0 * counter_y / (counter_y + counter_n)))
549 |                 if SIGNATURES[candidate] in matches:
550 |                     if result > matches[SIGNATURES[candidate]]:
551 |                         matches[SIGNATURES[candidate]] = result
552 |                 else:
553 |                     matches[SIGNATURES[candidate]] = result
554 | 
555 |             if chained:
556 |                 for _ in list(matches.keys()):
557 |                     if matches[_] < 90:
558 |                         del matches[_]
559 | 
560 |             if not matches:
561 |                 print(colorize("[-] blind match: - "))
562 |                 print(colorize("[!] probably chained web protection systems"))
563 |             else:
564 |                 matches = [(_[1], _[0]) for _ in matches.items()]
565 |                 matches.sort(reverse=True)
566 | 
567 |                 print(colorize("[+] blind match: %s" % ", ".join("'%s' (%d%%)" % (format_name(matches[i][1]), matches[i][0]) for i in xrange(min(len(matches), MAX_MATCHES) if matches[0][0] != 100 else 1))))
568 | 
569 |     print()
570 | 
571 | def main():
572 |     if "--version" not in sys.argv:
573 |         print(BANNER)
574 | 
575 |     parse_args()
576 |     init()
577 |     run()
578 | 
579 | load_data()
580 | 
581 | if __name__ == "__main__":
582 |     try:
583 |         main()
584 |     except KeyboardInterrupt:
585 |         exit(colorize("\r[x] Ctrl-C pressed"))
586 | 


--------------------------------------------------------------------------------
/screenshots/360.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/360.png


--------------------------------------------------------------------------------
/screenshots/aesecure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/aesecure.png


--------------------------------------------------------------------------------
/screenshots/airlock.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/airlock.png


--------------------------------------------------------------------------------
/screenshots/alertlogic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/alertlogic.png


--------------------------------------------------------------------------------
/screenshots/aliyundun.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/aliyundun.png


--------------------------------------------------------------------------------
/screenshots/anquanbao.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/anquanbao.png


--------------------------------------------------------------------------------
/screenshots/approach.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/approach.png


--------------------------------------------------------------------------------
/screenshots/armor.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/armor.png


--------------------------------------------------------------------------------
/screenshots/asm.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/asm.png


--------------------------------------------------------------------------------
/screenshots/astra.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/astra.png


--------------------------------------------------------------------------------
/screenshots/aws.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/aws.png


--------------------------------------------------------------------------------
/screenshots/barracuda.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/barracuda.png


--------------------------------------------------------------------------------
/screenshots/bekchy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/bekchy.png


--------------------------------------------------------------------------------
/screenshots/bitninja.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/bitninja.png


--------------------------------------------------------------------------------
/screenshots/bluedon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/bluedon.png


--------------------------------------------------------------------------------
/screenshots/bulletproof.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/bulletproof.png


--------------------------------------------------------------------------------
/screenshots/cdnns.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/cdnns.png


--------------------------------------------------------------------------------
/screenshots/cerber.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/cerber.png


--------------------------------------------------------------------------------
/screenshots/chuangyu.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/chuangyu.png


--------------------------------------------------------------------------------
/screenshots/cloudbric.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/cloudbric.png


--------------------------------------------------------------------------------
/screenshots/cloudflare.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/cloudflare.png


--------------------------------------------------------------------------------
/screenshots/cloudfront.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/cloudfront.png


--------------------------------------------------------------------------------
/screenshots/comodo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/comodo.png


--------------------------------------------------------------------------------
/screenshots/crawlprotect.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/crawlprotect.png


--------------------------------------------------------------------------------
/screenshots/distil.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/distil.png


--------------------------------------------------------------------------------
/screenshots/dotdefender.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/dotdefender.png


--------------------------------------------------------------------------------
/screenshots/duedge.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/duedge.png


--------------------------------------------------------------------------------
/screenshots/expressionengine.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/expressionengine.png


--------------------------------------------------------------------------------
/screenshots/fortiweb.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/fortiweb.png


--------------------------------------------------------------------------------
/screenshots/godaddy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/godaddy.png


--------------------------------------------------------------------------------
/screenshots/greywizard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/greywizard.png


--------------------------------------------------------------------------------
/screenshots/gtmc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/gtmc.png


--------------------------------------------------------------------------------
/screenshots/imunify360.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/imunify360.png


--------------------------------------------------------------------------------
/screenshots/incapsula.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/incapsula.png


--------------------------------------------------------------------------------
/screenshots/janusec.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/janusec.png


--------------------------------------------------------------------------------
/screenshots/jiasule.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/jiasule.png


--------------------------------------------------------------------------------
/screenshots/kona.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/kona.png


--------------------------------------------------------------------------------
/screenshots/kuipernet.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/kuipernet.png


--------------------------------------------------------------------------------
/screenshots/malcare.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/malcare.png


--------------------------------------------------------------------------------
/screenshots/modsecurity.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/modsecurity.png


--------------------------------------------------------------------------------
/screenshots/naxsi.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/naxsi.png


--------------------------------------------------------------------------------
/screenshots/netscaler.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/netscaler.png


--------------------------------------------------------------------------------
/screenshots/newdefend.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/newdefend.png


--------------------------------------------------------------------------------
/screenshots/nexusguard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/nexusguard.png


--------------------------------------------------------------------------------
/screenshots/ninjafirewall.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/ninjafirewall.png


--------------------------------------------------------------------------------
/screenshots/onmessageshield.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/onmessageshield.png


--------------------------------------------------------------------------------
/screenshots/openrasp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/openrasp.png


--------------------------------------------------------------------------------
/screenshots/paloalto.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/paloalto.png


--------------------------------------------------------------------------------
/screenshots/profense.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/profense.png


--------------------------------------------------------------------------------
/screenshots/radware.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/radware.png


--------------------------------------------------------------------------------
/screenshots/reblaze.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/reblaze.png


--------------------------------------------------------------------------------
/screenshots/requestvalidationmode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/requestvalidationmode.png


--------------------------------------------------------------------------------
/screenshots/rsfirewall.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/rsfirewall.png


--------------------------------------------------------------------------------
/screenshots/safe3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/safe3.png


--------------------------------------------------------------------------------
/screenshots/safedog.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/safedog.png


--------------------------------------------------------------------------------
/screenshots/safeline.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/safeline.png


--------------------------------------------------------------------------------
/screenshots/secupress.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/secupress.png


--------------------------------------------------------------------------------
/screenshots/secureentry.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/secureentry.png


--------------------------------------------------------------------------------
/screenshots/secureiis.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/secureiis.png


--------------------------------------------------------------------------------
/screenshots/securesphere.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/securesphere.png


--------------------------------------------------------------------------------
/screenshots/shieldsecurity.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/shieldsecurity.png


--------------------------------------------------------------------------------
/screenshots/siteground.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/siteground.png


--------------------------------------------------------------------------------
/screenshots/siteguard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/siteguard.png


--------------------------------------------------------------------------------
/screenshots/sitelock.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/sitelock.png


--------------------------------------------------------------------------------
/screenshots/sonicwall.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/sonicwall.png


--------------------------------------------------------------------------------
/screenshots/squarespace.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/squarespace.png


--------------------------------------------------------------------------------
/screenshots/stackpath.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/stackpath.png


--------------------------------------------------------------------------------
/screenshots/sucuri.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/sucuri.png


--------------------------------------------------------------------------------
/screenshots/tencent.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/tencent.png


--------------------------------------------------------------------------------
/screenshots/urlmaster.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/urlmaster.png


--------------------------------------------------------------------------------
/screenshots/urlscan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/urlscan.png


--------------------------------------------------------------------------------
/screenshots/vercel.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/vercel.png


--------------------------------------------------------------------------------
/screenshots/virusdie.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/virusdie.png


--------------------------------------------------------------------------------
/screenshots/vsf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/vsf.png


--------------------------------------------------------------------------------
/screenshots/wallarm.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/wallarm.png


--------------------------------------------------------------------------------
/screenshots/watchguard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/watchguard.png


--------------------------------------------------------------------------------
/screenshots/webarx.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/webarx.png


--------------------------------------------------------------------------------
/screenshots/webknight.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/webknight.png


--------------------------------------------------------------------------------
/screenshots/webland.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/webland.png


--------------------------------------------------------------------------------
/screenshots/wordfence.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/wordfence.png


--------------------------------------------------------------------------------
/screenshots/wts.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/wts.png


--------------------------------------------------------------------------------
/screenshots/yundun.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/yundun.png


--------------------------------------------------------------------------------
/screenshots/yunsuo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/yunsuo.png


--------------------------------------------------------------------------------
/screenshots/zenedge.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/stamparm/identYwaf/ae7e44ae8da6f01be3f63d7edfe6ea77240ff42c/screenshots/zenedge.png


--------------------------------------------------------------------------------